CVE-2024-9809

CVSS 3.1 Score 6.3 of 10 (medium)

Details

Published Oct 10, 2024
Updated: Oct 15, 2024
CWE ID 89

Summary

CVE-2024-9809 is a critical vulnerability identified in SourceCodester Online Eyewear Shop version 1.0, specifically affecting the delete_product function in the file /classes/Master.php?f=delete_product, which is susceptible to SQL injection due to improper handling of the id argument. This vulnerability allows remote attackers to manipulate database queries, potentially compromising data integrity and confidentiality. To remediate this issue, organizations should implement input validation and parameterized queries to secure SQL commands against injection attacks. The threat level is considered medium, with an exploitability score of 2.8, indicating that low privileges are required for exploitation and no user interaction is necessary. Public disclosure of the exploit increases the urgency for affected entities to address this vulnerability promptly.
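
The remediation named in the summary (input validation plus a parameterized query), shown as an added example. This is not code from Online Eyewear Shop: the product_list table, its columns, and both function names are assumptions, and PDO with an in-memory SQLite database is used so the example runs offline.

```php
<?php
// Added example. Table, columns and function names are assumptions,
// not taken from the Online Eyewear Shop source.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE product_list (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO product_list (id, name) VALUES (1, 'Frame A'), (2, 'Frame B'), (3, 'Frame C')");

// CWE-89 pattern: the request value is concatenated into the SQL text,
// so the database parses it as part of the statement.
function delete_product_concat(PDO $pdo, string $id): int
{
    return $pdo->exec("DELETE FROM product_list WHERE id = " . $id);
}

// Hardened form: accept only a positive integer, then bind it as data.
function delete_product_bound(PDO $pdo, string $id): int
{
    $valid = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($valid === false) {
        throw new InvalidArgumentException('id must be a positive integer');
    }
    $stmt = $pdo->prepare('DELETE FROM product_list WHERE id = :id');
    $stmt->bindValue(':id', $valid, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

$malformed = '1 OR 1=1'; // constructed sample of a non-numeric id value

// Concatenated query: the condition is rewritten (rolled back afterwards).
$pdo->beginTransaction();
echo 'concat, malformed id: ', delete_product_concat($pdo, $malformed), " rows\n";
$pdo->rollBack();

// Bound query: the same value never reaches the database.
try {
    delete_product_bound($pdo, $malformed);
} catch (InvalidArgumentException $e) {
    echo 'bound, malformed id: rejected (', $e->getMessage(), ")\n";
}

echo 'bound, id 2: ', delete_product_bound($pdo, '2'), " rows\n";
echo 'rows left: ', $pdo->query('SELECT COUNT(*) FROM product_list')->fetchColumn(), "\n";
```

Comparing the row counts printed for the two functions shows why validation alone or binding alone is weaker than both together: the integer check rejects the value early, and the bound parameter keeps any value that does pass from being parsed as SQL.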
